Kenya’s commercial banks have announced a cyber-attack on their inter-bank transfer platform PesaLink, but said neither cash nor customer data were lost or stolen, reports Business Daily. Integrated Payments Service (IPSL), the operator of PesaLink, said it had nipped in the bud a hacking attempt into the low-level real-time gross settlement channel. IPSL chief executive Jennifer Theuri said an attempt to access the PesaLink platform had been intercepted, and its cyber-security team successfully managed to trace and stop the transactions, in close collaboration with the banking partners.
Sources told the Business Daily that the attack on the platform might have resulted in the loss of millions. PesaLink is owned by lenders’ lobby group Kenya Bankers Association and said it had reported the attack to Central Bank of Kenya.
PesaLink moves an average of KES 50 million daily. The platform has signed up 28 banks and allows transfers from as low as KES 10 to a high of KES 999,999 to any signed-up bank account, without going through operator’s mobile money wallets.
The hacking disclosure came as KCB customers remained locked out of the PesaLink service for the past fortnight in what the lender attributed to an ongoing upgrade of its software. The bank said it was racing to resolve the outage that has seen its 12 million customers unable to transfer cash on the platform. PesaLink was launched in February and had transacted KES 7 billion by August.